DVPN large-scale networking and spoke

ABSTRACT

According to an example a Dynamic Virtual Private Network (D-VPN) large-scale networking method includes establishing, by a Spoke, a DVPN channel with a Hub; issuing, by the Spoke, subnet information about the Spoke to the Hub; and obtaining, by the Spoke, subnet information about the Hub and another Spoke as well as corresponding private network address of a next hop sent by the Hub.

CLAIM FOR PRIORITY

The present application is a national stage filing under 35 U.S.C 371 ofPCT application number PCT/CN2012/086489, having an international filingdate of Dec. 13, 2012, which claims priority of China application number201210033621.0 having a filing date of Feb. 15, 2012, the disclosure ofwhich is hereby incorporated by reference in its entirety.

BACKGROUND

More and more enterprises put forward higher requirements forestablishing a Virtual Private Network (VPN) utilizing a public network.However, in many cases, an enterprise branch may access a public networkwith a dynamic address. Thus, a public network address of peer endcannot be learned in advance. Subsequently, it is difficult to establisha direct exchange channel among each branch.

BRIEF DESCRIPTIONS OF THE DRAWINGS

Features of the present disclosure are illustrated by way of example andnot limited in the following figure(s), in which like numerals indicatelike elements, in which:

FIG. 1 is a flowchart illustrating DVPN large-scale networking,according to an example of the present disclosure.

FIG. 2 is a flowchart illustrating the DVPN large-scale networking,according to another example of the present disclosure.

FIG. 3 is a block diagram illustrating structure of Spoke in the DVPNlarge-scale networking, according to an example of the presentdisclosure.

FIG. 4 is a schematic diagram illustrating a networking structure of theDVPN, when networking type is Full-Mesh, according to an example of thepresent disclosure.

FIG. 5 is a schematic diagram illustrating a networking structure of theDVPN, when networking type is Hub-Spoke, according to an example of thepresent disclosure.

DETAILED DESCRIPTION

For simplicity and illustrative purposes, the present disclosure isdescribed by referring mainly to an example thereof. In the followingdescription, numerous specific details are set forth in order to providea thorough understanding of the present disclosure. It will be readilyapparent however, that the present disclosure may be practiced withoutlimitation to these specific details. In other instances, some methodsand structures have not been described in detail so as not tounnecessarily obscure the present disclosure. As used throughout thepresent disclosure, the term “includes” means includes but not limitedto, the term “including” means including but not limited to. The term“based on” means based at least in part on. In addition, the terms “a”and “an” are intended to denote at least one of a particular element.

A DVPN solution may be formed by two parts, that is, VPN AddressManagement (VAM) protocol and dynamic point-to-multipoint channel. VAMprotocol, which is taken as main protocol in the DVPN solution, is incharge of collecting, maintaining, distributing information, such aspublic network address, to facilitate a user to establish an internalsecurity channel quickly and conveniently. A private network address ofa next hop about a data packet, which is forwarded among enterpriseinternal subnets, may be obtained with a routing protocol. The publicnetwork address corresponding to the private network address of the nexthop about the above data packet may be obtained with the VAM protocol.The above data packet may be encapsulated with the public networkaddress as channel destination address. Subsequently, the encapsulateddata packet may be submitted to the established security channel andsent to a destination user.

Each client, e.g., each Hub and each Spoke, may register a correspondingrelationship between public network address and private network addressof itself to a server. After a current client registers successfully tothe server, other clients may query the public network address about thecurrent client from the server, so as to establish a DVPN channel amongclients. Message transmission between sever and client may beimplemented with the VAM protocol. Establishment, maintenance anddeletion of channel among clients may be implemented with the DVPNchannel protocol.

Networking type of the DVPN includes star topology Hub-Spoke and meshtopology Full-Mesh. Specifically speaking, the networking type may beconfigured on the VAM server. After registering to the VAM server by theHub, the VAM server may issue the configured networking type to the Hub.Alternatively, the networking type may be directly configured on theHub.

With reference to FIG. 4, FIG. 4 is a schematic diagram illustrating anetworking structure of the DVPN, when networking type is Full-Mesh,according to an example of the present disclosure. The networkingstructure in FIG. 4 includes Hub 201, Spoke 202, Spoke 203 and VAMserver 204. Hub 201, Spoke 202, Spoke 203 and VAM server 204 may beconnected with each other via a public network. Each of Hub 201, Spoke202, Spoke 203 connects with a private network. When registering to theVAM server 204, each of Hub 201, Spoke 202 and Spoke 203 may carryrespective private network gateway address and public network address.After registering successfully, each client may search out publicnetwork address of each of other clients from the VAM server 204.Subsequently, each client may establish a DVPN channel between or amongclients via the public network, according to the public network address.In the Full-Mesh networking illustrated in FIG. 4, each Spoke hasestablished a DVPN channel with the Hub. Meanwhile, a channel may alsobe established between Spokes. Thus, the flow destined for Spoke 203from Spoke 202, may be directly sent to Spoke 203, via the DVPN channelbetween Spoke 202 and Spoke 203.

FIG. 5 is a schematic diagram illustrating a networking structure of theDVPN, when networking type is Hub-Spoke, according to an example of thepresent disclosure. The networking structure shown in FIG. 5 includesHub 201, Spoke 202, Spoke 203 and VAM server 204, similar to that shownin FIG. 4. The differences between FIG. 5 and FIG. 4 are as follows. Inthe Hub-Spoke networking structure, each Spoke has established a DVPNchannel with the Hub. Generally speaking, there is no channelestablished between Spokes. Thus, the flow destined for Spoke 203 fromSpoke 202, may generally be sent to Hub 201, via DVPN channel 300between Spoke 202 and Hub 201, and then be sent to Spoke 203 via DVPNchannel 301 between Hub 201 and Spoke 203.

In the foregoing DVPN technical solution, subnet routing and next hopaddress of a client may be released with a dynamic routing protocol.After registering to a VAM server successfully, Spoke establishes apermanent DVPN channel with Hub, to learn and release routings. Hub,which is taken as a central node of routing, is in charge of collectingsubnet routing information about all of the Spokes, and then releasingto each Spoke. Thus, when there is data flow to be forwarded amongSpokes, local routing information may be queried, so as to obtain nexthop address of the routing, and to query public network address of peerend from the VAM server.

In the above technical solution, the Hub establishes a routing neighborwith each Spoke. In a large-scale networking, the Hub end maintains alarge number of routing neighbors and routing information. Thus, systemoverhead is large. Routing configuration is complex, and is restrictedby specification of dynamic routing protocol.

In a method of DVPN large-scale networking, which is put forward by thepresent disclosure, each Hub and each Spoke in the networking mayregister to a VAM server. The VAM server may issue Hub informationwithin a domain to each Spoke.

A Spoke may establish a DVPN channel with a corresponding Hub, accordingto the Hub information issued by the VAM server. The Spoke may sendsubnet information of the Spoke to the Hub, to enable the Hub togenerate subnet routing to the Spoke. The Spoke may receive subnetinformation about the Hub and another Spoke, as well as correspondingprivate network address of next hop sent by the Hub, and generate subnetrouting information about the Hub and other Spoke. The above subnetinformation about the other Spoke is obtained by the Hub.

The generated subnet routing information about the Hub includes subnetinformation and private network address about the Hub. The subnetrouting information about the other Spoke includes subnet informationabout other Spoke, and the corresponding private network address of nexthop received. When the current networking type is star topologyHub-Spoke, that is, a DVPN channel may only be established between a Huband a Spoke, the private network address of the next hop correspondingto the subnet network about other Spoke is a private network address ofthe Hub. When the current networking type is mesh topology Full-Mesh,that is, a DVPN channel may not only be established between a Hub and aSpoke, but also be established between Spokes according to requirements,the private network address of the next hop corresponding to the subnetinformation about other Spoke is a private network address of the otherSpoke.

Networking type may be configured in the VAM server. After the Hubregisters to the VAM server, the VAM server may issue the configurednetworking type to the Hub. The networking type may also be directlyconfigured in the Hub. When sending the subnet information about theother Spoke and corresponding private network address of the next hop toeach Spoke, the Hub may determine whether the private network addresssent out corresponds to the Spoke or the Hub, according to currentnetworking type.

When the subnet information about the Spoke changes, the Hub may beinformed about the subnet information changed via the established DVPNchannel. Subsequently, the Hub may be enabled to inform all of the otherSpokes, each of which has established a DVPN channel with the Hub, tochange the subnet information about the Spoke.

When the Spoke is off line, the Spoke may delete routing informationgenerated by the Spoke, and inform Hub with which the DVPN channel isestablished, to remove corresponding DVPN channel. Subsequently, the Hubmay be enabled to delete corresponding routing information, and toinform all of the other Spokes, each of which has established a DVPNchannel with the Hub, to delete corresponding routing information. TheDVPN channel established by the Hub may also be removed.

When the subnet information about the Spoke changes, the Spoke mayinform the Hub about the subnet information changed, to enable the Hubto re-generate subnet routing information to the Spoke, according to thesubnet information about the Spoke. The Hub may also be enabled toinform all of the other Spokes, each of which has established a DVPNchannel with the Hub, current subnet information about the Spoke, andcorresponding private network address of a next hop.

When the Spoke has established a DVPN channel with another Spoke, andthe subnet information about the Spoke changes, the Spoke informs theHub and the another Spoke with which a DVPN channel is respectivelyestablished, about the subnet information changed via respective DVPNchannel, and enables the Hub to inform all of the other Spokes, each ofwhich has established a DVPN channel with the Hub, to change the subnetinformation about the Spoke.

When the Spoke has established a DVPN channel with another Spoke, andwhen the Spoke is off line, the Spoke deletes routing informationgenerated locally, informs the Hub and the another Spoke with which aDVPN channel is respectively established, to remove the correspondingDVPN channel, enables the Hub to delete corresponding routinginformation and to inform all of the other Spokes, each of which hasestablished a DVPN channel with the Hub, to delete the correspondingrouting information, and removes the DVPN channel established locally bythe Spoke.

When receiving a notification to remove the DVPN channel sent by theHub, the Spoke may delete routing information generated by the Spoke andthe DVPN channel, and try again to establish a DVPN channel with theHub, until the VAM server informs that the Hub is off line.

When receiving a notification to remove the DVPN channel sent by theHub, the Spoke may firstly delete the generated routing information andthe DVPN channel. However, the Spoke may continue and take theinitiative to establish a DVPN channel with the Hub. Since the Spokecannot determine whether the Hub is malfunctioning or off line, theSpoke may not continue to establish the DVPN channel with the Hub, untilthe VAM server informs that the Hub is off line.

When the Spoke has established a DVPN channel with another Spoke, andreceives a notification to remove the DVPN channel sent by the anotherSpoke, the current Spoke may remove the corresponding DVPN channelestablished.

After receiving the subnet information about the other Spoke andcorresponding private network address of next hop, which are sent by theHub, the Spoke may determine whether the Spoke has generated the subnetrouting information about the Spoke. When determining that the Spoke hasgenerated the subnet routing information about the Spoke, the Spoke maygenerate and update the subnet routing information, according to thereceived subnet information about the Spoke and corresponding privatenetwork address of next hop. Otherwise, the Spoke may generate thesubnet routing information, according to the received subnet informationabout the Spoke and corresponding private network address of next hop.After receiving a notification to delete routing informationcorresponding to other Spoke sent by the Hub, the Spoke may deletecorresponding routing information from the routing information generatedby the Spoke.

When the Spoke has generated the subnet routing information aboutanother Spoke, the identifier of which is newly transmitted by the Hub,it means that the subnet information about the another Spoke changes,which has already been informed by the Hub. When the Spoke previouslydoesn't generate the subnet routing information about another Spoke, theidentifier of which is newly transmitted by the Hub, the another Spokeis a new Spoke online. When the networking type is Full-Mesh, theprivate network address of the next hop corresponding to the subnetinformation about other Spoke is a private network address of the otherSpoke.

By adopting the DVPN larger-scale networking method and Spoke putforward by the present disclosure, flexibility about DVPN networking maybe improved. System overheads and routing configuration about the Hub inthe large-scale networking may also be reduced.

In the above method put forward by the present disclosure, the Spoke mayestablish a DVPN channel with a Hub, send subnet information about theSpoke to the Hub, and obtain subnet information about the Hub andanother Spoke as well as corresponding private network address of nexthop sent by the Hub. Thus, dependence on a dynamic routing protocol ofthe DVPN channel may be released. Flexibility about the DVPN networkingmay be improved. System overhead and routing configuration about the Hubin the large-scale networking may also be reduced.

In the following, how each VAM client obtains subnet information aboutother VAM client in the DVPN large-scale networking is described indetail, accompanying with figures and specific examples.

With reference to FIG. 1, FIG. 1 is a flowchart illustrating DVPNlarge-scale networking, according to an example of the presentdisclosure. Specific blocks are as follows.

Block 101: after establishing a DVPN channel with a Hub, the Spoke sendssubnet information of the Spoke to the Hub via the established DVPNchannel, and enables the Hub to generate subnet routing information tothe Spoke.

In the block, the Spoke can establish the DVPN channel with the Hubaccording to a conventional method. In specific implementations, whensending the subnet information of the Spoke to the Hub via theestablished DVPN channel, the Spoke may encapsulate informationnecessary to be sent into the packet, and enable the packet carryingnecessary information to be forwarded via the established DVPN channel.Specific packet form and format may be configured according to specificapplications.

The subnet routing information, which is generated by the Hub, includessubnet information about the Spoke and private network address of a nexthop. In specific implementations, the Hub may record generated subnetrouting about each Spoke in a static routing table, to facilitateupdating and querying.

Block 102: the Spoke may receive the subnet information about the Huband another Spoke, as well as corresponding private network address ofnext hop, which are sent by the Hub, via the established DVPN channel,and generate subnet routing information about the Hub and the otherSpoke. The subnet information about the other Spoke is obtained by theHub.

Specific contents about the subnet routing information of the Hub andother Spoke in the block are described in detail in the foregoing.Similarly, above subnet routing information may also be recorded in astatic routing table generated by the Spoke, to facilitate querying andupdating. After obtaining the subnet information and correspondingprivate network address of the next hop, how to generate the subnetrouting information and how to record and store may employ existingtechnologies, which are not repeated here.

With reference to FIG. 2, FIG. 2 is a flowchart illustrating the DVPNlarge-scale networking, according to another example of the presentdisclosure. The specific blocks are as follows.

Block 201: when establishing a DVPN channel with a Hub, a channelestablishing request packet sent by the Spoke to the Hub carries subnetinformation about the Spoke, to enable the Hub to generate subnetrouting to the Spoke.

Block 202: the Spoke receives a packet in response to the channelestablishing request packet, which carries subnet information about theHub and another Spoke, as well as corresponding private network addressof a next hop, which are sent by the Hub, and generates subnet routinginformation about the Hub and other Spoke. The subnet information aboutother Spoke is obtained by the Hub.

In the example, information necessary to be sent may be carried by achannel establishing request packet sent by the Spoke, and a packet inresponse to the channel establishing request packet, when the Spokeestablishes the DVPN channel with the Hub.

In the above networking method, each Hub and each Spoke may obtainsubnet address about other VAM client and corresponding private networkaddress of next hop, and respectively generate subnet routinginformation to the peer end locally. After receiving a packet necessaryto be sent to other VAM client, the local VAM client may search for theestablished DVPN channel, according to next hop address about subnetrouting generated locally. When a corresponding DVPN channel has beenestablished, the packet may be directly forwarded. When thecorresponding DVPN channel has not been established, the private networkaddress of a next hop is used as a next hop address to analyze the nexthop address to the VAM server, in which the private network address ofthe next hop corresponds to the subnet information located by thedestination address of the packet. A public network address of peer endis obtained, and a corresponding DVPN channel is established.

Based on the same idea, the present disclosure also provides a Spoke,which may be applied to the DVPN large-scale networking. In the network,each Hub and each Spoke may register to a VAM server. Subsequently, theVAM server may issue Hub information within a domain to each Spoke. Withreference to FIG. 3, FIG. 3 is a block diagram illustrating structure ofSpoke in the DVPN large-scale networking, according to an example of thepresent disclosure. The Spoke includes memory 31, and a processor 32 incommunication with memory 31. Memory 31 stores transceiver instruction311 and generating instruction 312, both of which are executable byprocessor 32.

Transceiver instruction 311 indicates to establish a DVPN channel with acorresponding Hub, according to the Hub information issued by the VAMserver. Transceiver instruction 311 indicates to send subnet informationabout a Spoke located by memory 31 to the corresponding Hub, and toenable the corresponding Hub to generate subnet routing to the Spokelocated by memory 31. Transceiver instruction 311 also indicates toreceive subnet information about the Hub and another Spoke, as well ascorresponding private network address of next hop, which are sent by theHub, in which the subnet information about the other Spoke is obtainedby the Hub.

Generating instruction 312 indicates to generate subnet routinginformation about the Hub and the other Spoke, according to the subnetinformation about the Hub and the other Spoke, as well as correspondingprivate network address of next hop sent by the Hub, which are receivedbased on transceiver instruction 311. The subnet information about theother Spoke is obtained by the Hub.

After the DVPN channel has been established with the corresponding Hub,transceiver instruction 311 further indicates to send the subnetinformation about the Spoke located by memory 31 to the Hub via theestablished DVPN channel. Transceiver instruction 311 further indicatesto receive the subnet information about the Hub and the other Spoke, aswell as the corresponding private network address of next hop sent bythe Hub via the DVPN channel. The subnet information about the otherSpoke is obtained by the Hub.

When establishing the DVPN channel with the corresponding Hub,transceiver instruction 311 further indicates to send the channelestablishing request packet to the Hub, in which the channelestablishing request packet carries local subnet information.Transceiver instruction 311 further indicates to receive a packet inresponse to the channel establishing request packet sent by the Hub,which carries the subnet information about the Hub and the other Spokeas well as corresponding private network address of a next hop. Thesubnet information about the other Spoke is obtained by the Hub.

When the subnet information about the Spoke located by memory 31changes, transceiver instruction 311 further indicates to inform the Hubabout the subnet information changed via the DVPN channel, and enablethe Hub to inform all of other Spokes, each of which has established aDVPN channel with the Hub, to change the subnet information about theSpoke. When the Spoke located by memory 31 is off line, transceiverinstruction 311 indicates to inform the Hub, with which the DVPN channelis established, to remove corresponding DVPN channel, enable the Hub todelete corresponding routing information and to inform all of the otherSpokes, each of which has established a DVPN channel with the Hub, todelete corresponding routing information.

When the Spoke located by memory 31 is off line, generating instruction312 further indicates to delete routing information generated locally,and remove the DVPN channel established locally.

Transceiver instruction 311 further indicates to receive a notificationto remove the DVPN channel sent by the Hub.

When the Spoke located by the memory 31 has established a DVPN channelwith another Spoke, the subnet information about the Spoke located bythe memory 31 changes, the transceiver instruction 311 further indicatesto inform the Hub and the another Spoke with which a DVPN channel isrespectively established, the changed subnet information via respectiveDVPN channel, enable the Hub to inform all of the other Spokes, each ofwhich has established a DVPN channel with the Hub, to change the subnetinformation about the Spoke. When the Spoke located by the memory 31 isoff line, the transceiver instruction 311 further indicates to informthe Hub and the another Spoke with which a DVPN channel is respectivelyestablished, to remove the corresponding DVPN channel, enable the Hub todelete corresponding routing information and to inform all of the otherSpokes, each of which has established a DVPN channel with the Hub, todelete corresponding routing information;

When the Spoke located by the memory 31 has established a DVPN channelwith another Spoke, the transceiver instruction 311 further indicates toreceive a notification to remove the DVPN channel sent by the anotherSpoke.

After receiving the notification to remove the DVPN channel sent by theHub according to transceiver instruction 311, generating instruction 312further indicates to delete the routing information generated locallyand the DVPN channel, and try again to establish a DVPN channel with theHub, until the VAM server informs that the Hub is off line.

When the Spoke located by the memory 31 has established a DVPN channelwith another Spoke, and after receiving the notification to remove theDVPN channel sent by the another Spoke according to transceiverinstruction 311, generating instruction 312 indicates to removecorresponding DVPN channel established.

Memory 31 further stores determining instruction 313, which isexecutable by processor 32.

Transceiver instruction 311 further indicates to receive the subnetinformation about other Spoke and corresponding private network addressof next hop sent by the Hub, receive a notification to deletecorresponding routing information about other Spoke sent by the Hub.

When receiving the subnet information about other Spoke andcorresponding private network address sent by the Hub, according totransceiver instruction 311, determining instruction 313 indicates todetermine whether the subnet routing information about the Spoke hasbeen generated according to generating instruction 312.

After determining the subnet routing information about the Spoke hasbeen generated according to determining instruction 313, generatinginstruction 312 further indicates to generate and update the subnetrouting information, according to the subnet information about the Spokeand corresponding private network address of next hop received based ontransceiver instruction 311. Otherwise, generating instruction 312indicates to generate the subnet routing information, according to thesubnet information about the Spoke and corresponding private networkaddress of a next hop received based on transceiver instruction 311.After receiving a notification to delete corresponding routinginformation about the other Spoke sent by the Hub according totransceiver instruction 311, generating instruction 312 indicates todelete corresponding routing information from the routing informationgenerated locally.

When the networking type is Hub-Spoke, the private network address ofnext hop corresponding to the subnet information about the other Spokeis the private network address about the Hub.

When the networking type is Full-Mesh, the private network address ofnext hop corresponding to the subnet information about the other Spokeis the private network address of the other Spoke.

In view of above, in the technical solution of the present disclosure,after the DVPN channel is established between the Spoke and Hub, theSpoke may send the subnet information about the Spoke to the Hub, toobtain subnet information about the Hub and other Spoke as well ascorresponding private network address of a next hop sent by the Hub, inwhich the subnet information about other Spoke is obtained by the Hub.Or, when establishing the DVPN channel, enable the channel establishingrequest packet to carry the subnet information about the Spoke, enable apacket in response to the channel establishing request packet to carrythe subnet information about the Hub and the other Spoke, in which thesubnet information about other Spoke is obtained by the Hub. Thus,dependence on the dynamic routing protocols about the DVPN channel maybe released. Flexibility about the DVPN networking may be improved.System overheads and routing configuration about the Hub in thelarge-scale networking may be reduced.

What is claimed is:
 1. A Dynamic Virtual Private Network (DVPN)large-scale networking method, wherein a Hub, and plurality of Spokesassociated with the Hub and register to a Virtual Private Network (VPN)Address Management (VAM) server, and the VAM server issues Hubinformation within a domain to each Spoke, wherein the method comprises:registering, by the Spoke, with a VAM server that is separate from theSpoke and the Hub; obtaining, by the Spoke, Hub information from the VAMserver; establishing, by the Spoke, a DVPN channel with the Hub over apublic network, according to Hub information issued by the VAM server;sending, by the Spoke, local subnet information to the Hub, to enablethe Hub to generate subnet routing to the Spoke; receiving, by the Spokefrom the Hub, subnet information about the Hub and subnet informationfor another Spoke which is associated with the Hub, as well as acorresponding private network address of a next hop to the Spoke; andgenerating subnet routing information about the Hub and the anotherSpoke.
 2. The method according to claim 1, comprising: afterestablishing the DVPN channel with the corresponding Hub, the sendingincludes sending the local subnet information to the Hub via theestablished DVPN channel; and the receiving includes receiving thesubnet information and the subnet information for the another Spoke aswell as the corresponding private network address of the next hop viathe DVPN channel.
 3. The method according to claim 1, wherein theestablishing the DVPN channel comprises: sending, by the Spoke, achannel establishing request packet to the Hub, wherein the channelestablishing request packet carries the local subnet information of theSpoke; and receiving, by the Spoke, a packet in response to the channelestablishing request packet sent by the Hub, which carries the subnetinformation about the Hub and the subnet information for the anotherSpoke as well as the corresponding private network address of next hop.4. The method according to claim 1, further comprising: when the subnetinformation about the Spoke changes, informing, by the Spoke, the Hubabout the subnet information changed via the DVPN channel, and enablingthe Hub to inform the another Spoke to change the subnet informationabout the Spoke; when the Spoke is off line, deleting, by the Spoke,routing information generated locally, informing the Hub with which theDVPN channel is established, to remove the corresponding DVPN channel,enabling the Hub to delete corresponding routing information and toinform the another Spoke to delete the corresponding routinginformation, and removing the DVPN channel established locally by theSpoke; wherein when the Spoke has established a DVPN channel with theanother Spoke, the method further comprises: when the subnet informationabout the Spoke changes, informing, by the Spoke, the Hub and theanother Spoke with which corresponding DVPN channel has established,about the subnet information changed via respective DVPN channel, andenabling the Hub to inform all other Spokes, each of which hasestablished a DVPN channel with the Hub, to change the subnetinformation about the Spoke; when the Spoke is off line, deleting, bythe Spoke, routing information generated locally, informing the Hub andthe another Spoke with which the corresponding DVPN channel isestablished, to remove the corresponding DVPN channel, enabling the Hubto delete corresponding routing information and to inform all of theother Spokes to delete the corresponding routing information, andremoving the DVPN channel established locally by the Spoke.
 5. Themethod according to claim 1, further comprising: when receiving anotification to remove the DVPN channel sent by the Hub, deleting, bythe Spoke, the routing information generated locally and the DVPNchannel, and trying again to establish the DVPN channel with the Hub,until the VAM server informs that the Hub is off line; wherein when theSpoke has established a DVPN channel with the another Spoke, the methodfurther comprises: when receiving a notification to remove the DVPNchannel sent by the another Spoke, removing, by the Spoke, thecorresponding DVPN channel established.
 6. The method according to claim1, further comprising: after receiving the subnet information about theanother Spoke and corresponding private network address of next hop sentby the Hub, determining, by the Spoke, whether the subnet routinginformation about the another Spoke has been generated locally; if thesubnet routing information about the another Spoke has been generatedlocally, generating and updating, by the Spoke, the subnet routinginformation, according to the received subnet information about theanother Spoke as well as the corresponding private network address ofnext hop; if the subnet routing information about the another Spoke hasnot been generated locally, generating, by the Spoke, the subnet routinginformation, according to the received subnet information about theanother Spoke and the corresponding private network address of next hop;and when receiving a notification to delete routing informationcorresponding to another Spoke sent by the Hub, deleting, by the Spoke,the corresponding routing information from the routing informationgenerated locally.
 7. The method according to claim 1, wherein whennetworking type is Hub-Spoke, the private network address of the nexthop is a private network address of the Hub; and when the networkingtype is Full-Mesh, the private network address of the next hop is aprivate network address of the another Spoke.
 8. A Spoke comprising aprocessor and a memory storing subnet information about the Spoke andmachine readable instructions which are executable by the processor to:establish a Dynamic Virtual Private Network (DVPN) channel with a Hub ofthe DVPN, according to Hub information issued by a Virtual PrivateNetwork Address Management (VAM) server which is separate from the Hub,and send the subnet information about the Spoke stored in the memory tothe Hub so as to enable the Hub to generate a subnet routing to theSpoke; receive, from the Hub, subnet information about the Hub andsubnet information about another Spoke which is associated with the Hub,as well as a corresponding private network address of a next hop to theanother Spoke; and generate subnet routing information about the Hub andthe another Spoke, according to the received subnet information aboutthe Hub and the another Spoke as well as the corresponding privatenetwork address of the next hop sent by the Hub; in response toreceiving a notification to remove the DVPN channel sent by the Hub,delete the subnet routing information generated locally and the DVPNchannel, and try again to establish a DVPN channel with the Hub, untilthe VAM server informs the Spoke that the Hub is off line; and inresponse to receiving a notification to remove a DVPN channel with theanother Spoke, delete the DVPN channel with the another Spoke.
 9. TheSpoke according to claim 8, wherein the instructions includeinstructions to: send the subnet information about the Spoke located bythe memory to the Hub via the established DVPN channel, after the DVPNchannel is established with the corresponding Hub, receive the subnetinformation about the Hub and the another Spoke, as well ascorresponding private network address of a next hop sent by the Hub viathe DVPN channel, wherein the subnet information about the another Spokeis obtained by the Hub.
 10. The Spoke according to claim 8, wherein theinstructions include instructions to: enable a channel establishingrequest packet destined for the Hub to carry local subnet information,when establishing the DVPN channel with the Hub, receive a packet inresponse to the channel establishing request packet, which carries thesubnet information about the Hub and another Spoke as well ascorresponding private network address of next hop sent by the Hub,wherein the subnet information about the another Spoke is obtained bythe Hub.
 11. The Spoke according to claim 8, wherein the instructionsinclude instructions to: inform the Hub the changed subnet informationvia the DVPN channel, when the subnet information about the Spokelocated by the memory changes, and enable the Hub to inform anotherSpoke to change the subnet information about the Spoke; when the Spokelocated by the memory is off line, inform the Hub with which the DVPNchannel is established, to remove the corresponding DVPN channel, enablethe Hub to delete corresponding routing information, and inform theanother Spoke to delete corresponding routing information; and when theSpoke located by the memory has established a DVPN channel with anotherSpoke, the subnet information about the Spoke located by the memorychanges, inform the Hub and the another Spoke, with which thecorresponding DVPN channel is established, the changed subnetinformation via respective DVPN channel, enable the Hub to inform all ofother Spokes, each of which has established a DVPN channel with the Hub,to change the subnet information about the Spoke; when the Spoke locatedby the memory is off line, inform the Hub and the another Spoke, withwhich the corresponding DVPN channel is established, to remove thecorresponding DVPN channel, enable the Hub to delete correspondingrouting information and to inform all of the other Spokes to deletecorresponding routing information; and delete the routing informationgenerated locally, and remove the DVPN channel established locally, whenthe Spoke located by the memory is off line.
 12. The Spoke according toclaim 8, wherein the memory further stores instructions executable bythe processor to: after receiving the subnet information about theanother Spoke and corresponding private network address of next hop sentby the Hub, determine, by the Spoke, whether the subnet routinginformation about the another Spoke has been generated locally; if thesubnet routing information about the another Spoke has been generatedlocally, generate and update, by the Spoke, the subnet routinginformation, according to the received subnet information about theanother Spoke as well as the corresponding private network address ofnext hop; if the subnet routing information about the another Spoke hasnot been generated locally, generate, by the Spoke, the subnet routinginformation, according to the received subnet information about theanother Spoke and the corresponding private network address of next hop;and in response to receiving a notification to delete routinginformation corresponding to another Spoke sent by the Hub, delete, bythe Spoke, the corresponding routing information from the routinginformation generated locally.
 13. The Spoke according claim 8, whereinif networking type is Hub-Spoke, the private network address of the nexthop is a private network address of the Hub; and if the networking typeis Full-Mesh, the private network address of the next hop is a privatenetwork address of another Spoke.